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CLAIMS 
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1. Method for sending messages over secure communication links in networte 
comprising at least a first terminal being able to change its method of network 
access and at least one other terminal with one or more possible Intemiediate 
computers between the first temiinal and the other temiinal perfonnlng network 
address and/or other translatior,s, a secure communication link being established 
between an Initial network address of the firet temtinal and the address of tiie other 
tenninal. the link defining at least the addresses of the two terminals and 
performing encapsulation in said secure communication link to overcome network 
address and/or other translations made by said intemiediate computers on the 
route, characterized by 

a) the first terminal moving from said initial network address to a new network 

address, 

b) sending a request message using encapsulation from the first tenninal to the 
other tenninal to change said secure connection to be between the new address 
of the first tenninal and- the other tenninal. the request also containing a 
description of the encapsulation method peifbnned by the first tenninal on the 
basis of which description the other temninal detects translations perfbmied by 

20 said intermediate computers, 

c) the other tenninal responding to the first terminal v»flth a reply message with a 
description about translations made by said possible Intemiediate computers 
between the new address of the first tenninal and the other tenninal and/or 
encapsulation methods supported by the other tenninal, and 

d) thereafter sending the message from the first temiinal to the other tenninal by 
using the information sent ww'th said reply. 

2. Method of dalml.characterlzed in that, the description of the message 
Include source and/or destination addresses on the basis of which the receiving 
tenninal detects address translations perfonned by intermediate computers. 



25 



30 



Empf .2eit:26/03/2004 09:25 



AMENDED^SHEET.^ p 



+358 3 2517 5378 



15 

3. Method of claim 1 , c h a r a c t e r i 2 e d fn that the description of the message 
includes information about encapsulation protocols, as well as source and 
destination TCP or UDP ports. 

4. Method of claim 3. c h a r a c t e r i 2 e d in that the NAT traversal Is 
performed by UDP encapsulation. TCP encapsulation andAor by some other 
encapsulation. 

5. Method of any of claims 1 - 4, c h a r a c t e r i z e d In that after receiving of 
the request message by said other terminal sent In step c), the other terminal 
determines by examining the request, which translations and/or 
encapsulations are required in the traffic between the first tennlnal and the 

.other terminal. 

6. Method of claim 5, c h a r a c t e r i z e d in that the reply message of step c) 
contains information about the communication link to be used between the 
new address of the first terminal and said other terminal. 

7. Method of claim 6. c h a r a c t e r i z e d In that the information about the 
communication link includes information about whether NAT traversal and/or 
other ^capsulation shoidd be used. 

8. Method ofanyofclalmsl -5. characterized in that in step c) the first 
tenninal compares the descriptions of the request respective reply messages 
and sends all subsequent messages from this new network address on the 
basis of the comparison teliing what encapsulations, protocols and rules 
should i^e used in the further communicatioa 

9. Method of any of claims 1-8, characterized Inthatthe secure 
comrnunication link is formed by using the IPSec protocol. 
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1 0. Method of claim 9. c h a r a c t e r I z e d in that the message in step d) is sent 
by using IPSec and NAT traversal updated to the new network address of the 
first terminal, 

1 1 . Method of claim 7or 8, characterized in that the message in step d) is 
sent without NAT traversal in the communication link if on the basis of the 
comparison in claim 8, the descriptions correspond to each other or If so 
informed by the other terminal in claim 7. 

12. Method of any of claims 1 characterized in that the secure 
connection Is an IPSec SA. 

1 3. Method of claim 12. c h a r a c t e r I z e d in that for fonning the IPSec SA. a 
key exchange mechanism that passes through NAT is used. 

1 4. Method of Claim 12. c h a r a c t e rl z e d in that the key exchange protocol is 
IKE if the NAT device supports ttie UDP protocol. 

16. Method of daim 14, c h a r a c t e r i z e d In that for fbrming the IPSec SA. a 
key exchange mechanism is used wherein several traversal mechanisms are 
used simultaneously lo increase the chance that at least one of them pass 
' through the NAT device. 

16. Method of daim 12, characterized In that for fbrming the IPSec SA, a 
25 key ^change mechanism is performed in which a negotiation process is used 

to agree on protoccris io be used in the further communication. 

17. Method of daim 12, c h a r a c t e r i 2 e d in that for fbmiing the IPSec SA. an 
encapsulation protocol is used in the key exchange mechanism. 
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18. Methodofanyofdalmsl -17. characterized in that the address of the 
oOier terminal is the end destination address of messages sent from the first 
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terminal, in which case transport or tunnel mode is used in the iPSec 
communication. 

19. Method of any of claims 1-17, characterized in thai the destination 
5 address of the message is the address of a host whidi is ndt the other 

temninal. In which case tunnel mode or transport mode together vwth a 
tunnelling protocol is used in the IPSec communication. 

20. Method of any of claims 1-7, 8-19, characterized in that several 
10 request messages of st^ b) are sent, each processed uding a diflierent 

traversal mechanism, where after the other terminal intficates in the reply 
which mechanisms to be used in the lUrther communication. 
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